diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2012-08-23 22:28:47 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2012-08-23 22:28:47 +0000 |
| commit | 74812bbf7ac58db7587bea655c092fffebad2578 (patch) | |
| tree | 89bb5873b17ab331b6f37c5ddc249148b71195a7 | |
| parent | 1ea05aac9ef595aba000bcd21f54ee3354c05507 (diff) | |
update to ldns 1.6.13, tested by okan@, thanks (not yet linked to build).
45 files changed, 1383 insertions, 440 deletions
diff --git a/usr.sbin/unbound/ldns/Changelog b/usr.sbin/unbound/ldns/Changelog index a1581361821..93e53931d84 100644 --- a/usr.sbin/unbound/ldns/Changelog +++ b/usr.sbin/unbound/ldns/Changelog @@ -1,3 +1,28 @@ +1.6.13 2012-05-21 + * New -S option for ldns-verify-zone to chase signatures online. + * New -k option for ldns-verify-zone to validate using a trusted key. + * New inception and expiration margin options (-i and -e) to + ldns-verify-zone. + * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l + functions. + * New ldns_duration* functions (copied from OpenDNSSEC source) + * fix ldns-verify-zone to allow NSEC3 signatures to come before + the NSEC3 RR in all cases. Thanks Wolfgang Nagele. + * Zero the correct flag (opt-out) when creating NSEC3PARAMS. + Thanks Peter van Dijk. + * Canonicalize RRSIG's Signer's name too when validating, because + bind and unbound do that too. Thanks Peter van Dijk. + * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label + * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free + * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT + * bugfix #427: Explicitely link ssl with the programs that use it. + * Fix reading \DDD: Error on values that are outside range (>255). + * bugfix #429: fix doxyparse.pl fails on NetBSD because specified + path to perl. + * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. + * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. + Thanks John Barnitz + 1.6.12 2012-01-11 * bugfix #413: Fix manpage source for srcdir != builddir * Canonicalize the signers name rdata field in RRSIGs when signing diff --git a/usr.sbin/unbound/ldns/aclocal.m4 b/usr.sbin/unbound/ldns/aclocal.m4 index 6fe5ffd2a6a..55f3c925f96 100644 --- a/usr.sbin/unbound/ldns/aclocal.m4 +++ b/usr.sbin/unbound/ldns/aclocal.m4 @@ -1,7 +1,8 @@ -# generated automatically by aclocal 1.11.1 -*- Autoconf -*- +# generated automatically by aclocal 1.11.3 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. +# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, +# Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,8 +15,8 @@ # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives @@ -24,8 +25,8 @@ m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, -# Inc. +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. @@ -159,6 +160,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl @@ -644,7 +647,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." @@ -808,6 +811,7 @@ AC_DEFUN([LT_LANG], m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], @@ -829,6 +833,29 @@ m4_defun([_LT_LANG], ])# _LT_LANG +m4_ifndef([AC_PROG_GO], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], @@ -859,6 +886,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ], m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) @@ -961,7 +992,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -969,6 +1006,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ rm -rf libconftest.dylib* rm -f conftest.* fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no @@ -980,6 +1018,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], [lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF @@ -997,7 +1036,9 @@ _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? - if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&AS_MESSAGE_LOG_FD @@ -1042,8 +1083,8 @@ _LT_EOF ]) -# _LT_DARWIN_LINKER_FEATURES -# -------------------------- +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ @@ -1054,6 +1095,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES], _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported if test "$lt_cv_ld_force_load" = "yes"; then _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) else _LT_TAGVAR(whole_archive_flag_spec, $1)='' fi @@ -1337,14 +1380,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) CFLAGS="$SAVE_CFLAGS" fi ;; -sparc*-*solaris*) +*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" @@ -1421,13 +1477,13 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -1607,6 +1663,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl lt_cv_sys_max_cmd_len=196608 ;; + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not @@ -1646,7 +1707,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. - while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \ + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do @@ -2192,7 +2253,7 @@ need_version=unknown case $host_os in aix3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH @@ -2201,7 +2262,7 @@ aix3*) ;; aix[[4-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes @@ -2266,7 +2327,7 @@ beos*) ;; bsdi[[45]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' @@ -2405,7 +2466,7 @@ m4_if([$1], [],[ ;; dgux*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' @@ -2413,10 +2474,6 @@ dgux*) shlibpath_var=LD_LIBRARY_PATH ;; -freebsd1*) - dynamic_linker=no - ;; - freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. @@ -2424,7 +2481,7 @@ freebsd* | dragonfly*) objformat=`/usr/bin/objformat` else case $host_os in - freebsd[[123]]*) objformat=aout ;; + freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi @@ -2442,7 +2499,7 @@ freebsd* | dragonfly*) esac shlibpath_var=LD_LIBRARY_PATH case $host_os in - freebsd2*) + freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) @@ -2462,7 +2519,7 @@ freebsd* | dragonfly*) ;; gnu*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' @@ -2473,7 +2530,7 @@ gnu*) ;; haiku*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" @@ -2534,7 +2591,7 @@ hpux9* | hpux10* | hpux11*) ;; interix[[3-9]]*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' @@ -2550,7 +2607,7 @@ irix5* | irix6* | nonstopux*) nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; @@ -2587,9 +2644,9 @@ linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2664,7 +2721,7 @@ netbsd*) ;; newsos6) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -2733,7 +2790,7 @@ rdos*) ;; solaris*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2758,7 +2815,7 @@ sunos4*) ;; sysv4 | sysv4.3*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -2782,7 +2839,7 @@ sysv4 | sysv4.3*) sysv4*MP*) if test -d /usr/nec ;then - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH @@ -2813,7 +2870,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' @@ -2823,7 +2880,7 @@ tpf*) ;; uts4*) - version_type=linux + version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -3245,7 +3302,7 @@ irix5* | irix6* | nonstopux*) lt_cv_deplibs_check_method=pass_all ;; -# This must be Linux ELF. +# This must be glibc/ELF. linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; @@ -3665,6 +3722,7 @@ for ac_symprfx in "" "_"; do # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ @@ -4249,7 +4307,9 @@ m4_if([$1], [CXX], [ case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi ;; esac else @@ -4341,18 +4401,33 @@ m4_if([$1], [CXX], [ ;; *) case `$CC -V 2>&1 | sed 5q` in - *Sun\ F* | *Sun*Fortran*) + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; esac ;; esac @@ -4512,7 +4587,9 @@ m4_if([$1], [CXX], [ ;; cygwin* | mingw* | cegcc*) case $cc_basename in - cl*) ;; + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] @@ -4540,7 +4617,6 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -4794,8 +4870,7 @@ _LT_EOF xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ @@ -5091,6 +5166,7 @@ _LT_EOF # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' @@ -5137,10 +5213,6 @@ _LT_EOF _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; - freebsd1*) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little @@ -5153,7 +5225,7 @@ _LT_EOF ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) + freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes @@ -5192,7 +5264,6 @@ _LT_EOF fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes @@ -5634,9 +5705,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1], _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], - [[If ld is used when linking, flag to hardcode $libdir into a binary - during linking. This must work even if $libdir does not exist]]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], @@ -5790,7 +5858,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported @@ -6160,7 +6227,7 @@ if test "$_lt_caught_CXX_error" != yes; then esac ;; - freebsd[[12]]*) + freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no @@ -6921,12 +6988,18 @@ public class foo { } }; _LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF ]) _lt_libdeps_save_CFLAGS=$CFLAGS case "$CC $CFLAGS " in #( *\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; *\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; esac dnl Parse the compiler output and extract the necessary @@ -7123,7 +7196,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7256,7 +7328,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no @@ -7439,6 +7510,73 @@ CFLAGS=$lt_save_CFLAGS ])# _LT_LANG_GCJ_CONFIG +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler @@ -7508,6 +7646,13 @@ dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], @@ -8172,9 +8317,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) @@ -8346,15 +8506,15 @@ m4_define([lt_dict_filter], # @configure_input@ -# serial 3293 ltversion.m4 +# serial 3337 ltversion.m4 # This file is part of GNU Libtool -m4_define([LT_PACKAGE_VERSION], [2.4]) -m4_define([LT_PACKAGE_REVISION], [1.3293]) +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.4' -macro_revision='1.3293' +[macro_version='2.4.2' +macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) diff --git a/usr.sbin/unbound/ldns/acx_nlnetlabs.m4 b/usr.sbin/unbound/ldns/acx_nlnetlabs.m4 index 279b20fc29d..e90c81ea02a 100644 --- a/usr.sbin/unbound/ldns/acx_nlnetlabs.m4 +++ b/usr.sbin/unbound/ldns/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 19 +# Version 21 +# 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. +# 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. # 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. # Fix ACX_MALLOC for redefined malloc error. # Fix GETADDRINFO_WITH_INCLUDES to add -lws2_32 @@ -259,6 +261,8 @@ int test() { a = getopt(2, opts, "a"); a = isascii(32); str = gai_strerror(0); + if(str && t && tv.tv_usec && msg.msg_control) + a = 0; return a; } ], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"]) @@ -294,6 +298,8 @@ int test() { a = getopt(2, opts, "a"); a = isascii(32); str = gai_strerror(0); + if(str && t && tv.tv_usec && msg.msg_control) + a = 0; return a; } ], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"]) @@ -360,6 +366,8 @@ int test() { const char* str = NULL; t = ctime_r(&time, buf); str = gai_strerror(0); + if(t && str) + a = 0; return a; } ], [CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112"]) @@ -386,6 +394,8 @@ int test() { srandom(32); a = getopt(2, opts, "a"); a = isascii(32); + if(tv.tv_usec) + a = 0; return a; } ], [CFLAGS="$CFLAGS -D__EXTENSIONS__"]) @@ -1317,9 +1327,7 @@ int main(void) dnl define memcmp to its replacement, pass unique id for program as arg AC_DEFUN([AHX_MEMCMP_BROKEN], [ #ifdef MEMCMP_IS_BROKEN -# ifdef memcmp -# undef memcmp -# endif +#include "compat/memcmp.h" #define memcmp memcmp_$1 int memcmp(const void *x, const void *y, size_t n); #endif diff --git a/usr.sbin/unbound/ldns/ax_python_devel.m4 b/usr.sbin/unbound/ldns/ax_python_devel.m4 index c71735e6bb3..2ce6afe8350 100644 --- a/usr.sbin/unbound/ldns/ax_python_devel.m4 +++ b/usr.sbin/unbound/ldns/ax_python_devel.m4 @@ -178,7 +178,8 @@ for e in get_config_vars ('VERSION'): if (e != None): ret += e print (ret) -EOD` +EOD +` if test -z "$ac_python_version"; then if test -n "$PYTHON_VERSION"; then @@ -202,7 +203,8 @@ for e in distutils.sysconfig.get_config_vars ('LIBDIR'): if e != None: print (e) break -EOD` +EOD +` # Before checking for libpythonX.Y, we need to know # the extension the OS we're on uses for libraries diff --git a/usr.sbin/unbound/ldns/config.guess b/usr.sbin/unbound/ldns/config.guess index 40eaed4821e..d622a44e551 100755 --- a/usr.sbin/unbound/ldns/config.guess +++ b/usr.sbin/unbound/ldns/config.guess @@ -2,9 +2,9 @@ # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011 Free Software Foundation, Inc. +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2011-05-11' +timestamp='2012-02-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -17,9 +17,7 @@ timestamp='2011-05-11' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see <http://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -57,8 +55,8 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free -Software Foundation, Inc. +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -145,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward @@ -792,13 +790,12 @@ EOF echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) - case ${UNAME_MACHINE} in - pc98) - echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) @@ -807,6 +804,9 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 @@ -861,6 +861,13 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -895,13 +902,16 @@ EOF echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) - echo cris-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) - echo frv-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu @@ -943,7 +953,7 @@ EOF test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) - echo or32-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu @@ -978,13 +988,13 @@ EOF echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-tilera-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -1315,6 +1325,9 @@ EOF i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 diff --git a/usr.sbin/unbound/ldns/config.sub b/usr.sbin/unbound/ldns/config.sub index 30fdca81215..c894da45500 100755 --- a/usr.sbin/unbound/ldns/config.sub +++ b/usr.sbin/unbound/ldns/config.sub @@ -2,9 +2,9 @@ # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011 Free Software Foundation, Inc. +# 2011, 2012 Free Software Foundation, Inc. -timestamp='2011-03-23' +timestamp='2012-02-10' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -21,9 +21,7 @@ timestamp='2011-03-23' # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program; if not, see <http://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -76,8 +74,8 @@ version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free -Software Foundation, Inc. +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -132,6 +130,10 @@ case $maybe_os in os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] @@ -247,17 +249,22 @@ case $basic_machine in # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ + | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ + | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ @@ -291,7 +298,7 @@ case $basic_machine in | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ - | rx \ + | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ @@ -300,7 +307,7 @@ case $basic_machine in | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ - | v850 | v850e \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -315,8 +322,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | picochip) - # Motorola 68HC11/12. + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -329,7 +335,10 @@ case $basic_machine in strongarm | thumb | xscale) basic_machine=arm-unknown ;; - + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; xscaleeb) basic_machine=armeb-unknown ;; @@ -352,11 +361,13 @@ case $basic_machine in # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ + | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ @@ -365,8 +376,10 @@ case $basic_machine in | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ @@ -400,7 +413,7 @@ case $basic_machine in | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ - | romp-* | rs6000-* | rx-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ @@ -408,10 +421,11 @@ case $basic_machine in | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ + | tile*-* \ | tron-* \ | ubicom32-* \ - | v850-* | v850e-* | vax-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -711,7 +725,6 @@ case $basic_machine in i370-ibm* | ibm*) basic_machine=i370-ibm ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 @@ -808,10 +821,18 @@ case $basic_machine in ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; + msys) + basic_machine=i386-pc + os=-msys + ;; mvs) basic_machine=i370-ibm os=-mvs ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; ncr3000) basic_machine=i486-ncr os=-sysv4 @@ -1120,13 +1141,8 @@ case $basic_machine in basic_machine=t90-cray os=-unicos ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; tile*) - basic_machine=tile-unknown + basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) @@ -1336,7 +1352,7 @@ case $os in | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1548,9 +1564,6 @@ case $basic_machine in ;; m68000-sun) os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 ;; m68*-cisco) os=-aout diff --git a/usr.sbin/unbound/ldns/dname.c b/usr.sbin/unbound/ldns/dname.c index 0e63ef26895..f3770feafb5 100644 --- a/usr.sbin/unbound/ldns/dname.c +++ b/usr.sbin/unbound/ldns/dname.c @@ -87,9 +87,6 @@ ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2) if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) { left_size--; } - if(left_size == 0) { - return LDNS_STATUS_OK; - } size = left_size + ldns_rdf_size(rd2); newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size); @@ -530,6 +527,7 @@ ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) uint16_t len; ldns_rdf *tmpnew; size_t s; + uint8_t *data; if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) { return NULL; @@ -543,19 +541,19 @@ ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) while ((len > 0) && src_pos < s) { if (labelcnt == labelpos) { /* found our label */ - tmpnew = LDNS_MALLOC(ldns_rdf); - if (!tmpnew) { + data = LDNS_XMALLOC(uint8_t, len + 2); + if (!data) { return NULL; } - tmpnew->_type = LDNS_RDF_TYPE_DNAME; - tmpnew->_data = LDNS_XMALLOC(uint8_t, len + 2); - if (!tmpnew->_data) { - LDNS_FREE(tmpnew); + memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1); + data[len + 2 - 1] = 0; + + tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME + , len + 2, data); + if (!tmpnew) { + LDNS_FREE(data); return NULL; } - memset(tmpnew->_data, 0, len + 2); - memcpy(tmpnew->_data, ldns_rdf_data(rdf) + src_pos, len + 1); - tmpnew->_size = len + 2; return tmpnew; } src_pos++; diff --git a/usr.sbin/unbound/ldns/dnssec.c b/usr.sbin/unbound/ldns/dnssec.c index c41943709bb..c6e93211787 100644 --- a/usr.sbin/unbound/ldns/dnssec.c +++ b/usr.sbin/unbound/ldns/dnssec.c @@ -116,7 +116,6 @@ ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, size_t nsec_i; ldns_rr *nsec; ldns_rdf *result = NULL; - qtype = qtype; if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { return NULL; @@ -533,17 +532,18 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) ldns_rr_free(ds); return NULL; #endif -#ifdef USE_ECDSA - /* Make similar ``not implemented'' construct as above when - draft-hoffman-dnssec-ecdsa-04 becomes a standard - */ case LDNS_SHA384: +#ifdef USE_ECDSA digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH); if (!digest) { ldns_rr_free(ds); return NULL; } break; +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; #endif } @@ -636,8 +636,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) ldns_rr_push_rdf(ds, tmp); #endif break; -#ifdef USE_ECDSA case LDNS_SHA384: +#ifdef USE_ECDSA (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf), (unsigned int) ldns_buffer_position(data_buf), (unsigned char *) digest); @@ -645,8 +645,8 @@ ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) SHA384_DIGEST_LENGTH, digest); ldns_rr_push_rdf(ds, tmp); - break; #endif + break; } LDNS_FREE(digest); @@ -839,8 +839,6 @@ ldns_dnssec_create_nsec3(ldns_dnssec_name *from, ldns_status status; int on_delegation_point; - flags = flags; - if (!from) { return NULL; } @@ -1568,34 +1566,34 @@ ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted) } int -ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n) +ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) { - sig = sig; - n = n; return LDNS_SIGNATURE_LEAVE_ADD_NEW; } int -ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n) +ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) { - sig = sig; - n = n; return LDNS_SIGNATURE_LEAVE_NO_ADD; } int -ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n) +ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) { - sig = sig; - n = n; return LDNS_SIGNATURE_REMOVE_NO_ADD; } int -ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n) +ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) { - sig = sig; - n = n; return LDNS_SIGNATURE_REMOVE_ADD_NEW; } diff --git a/usr.sbin/unbound/ldns/dnssec_sign.c b/usr.sbin/unbound/ldns/dnssec_sign.c index 1d283bcc68b..88878bad044 100644 --- a/usr.sbin/unbound/ldns/dnssec_sign.c +++ b/usr.sbin/unbound/ldns/dnssec_sign.c @@ -888,10 +888,11 @@ ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, #endif /* HAVE_SSL */ ldns_dnssec_rrs * -ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg) +ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures + , ATTR_UNUSED(ldns_key_list *key_list) + , int (*func)(ldns_rr *, void *) + , void *arg + ) { ldns_dnssec_rrs *base_rrs = signatures; ldns_dnssec_rrs *cur_rr = base_rrs; @@ -901,8 +902,6 @@ ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, uint16_t keytag; size_t i; - key_list = key_list; - if (!cur_rr) { switch(func(NULL, arg)) { case LDNS_SIGNATURE_LEAVE_ADD_NEW: @@ -1024,12 +1023,13 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list) } ldns_status -ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void*), - void *arg, - int flags) +ldns_dnssec_zone_create_rrsigs_flg( ATTR_UNUSED(ldns_dnssec_zone *zone) + , ATTR_UNUSED(ldns_rr_list *new_rrs) + , ATTR_UNUSED(ldns_key_list *key_list) + , int (*func)(ldns_rr *, void*) + , void *arg + , int flags + ) { ldns_status result = LDNS_STATUS_OK; @@ -1047,12 +1047,11 @@ ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, int on_delegation_point = 0; /* handle partially occluded names */ ldns_rr_list *pubkey_list = ldns_rr_list_new(); - zone = zone; - new_rrs = new_rrs; - key_list = key_list; for (i = 0; i<ldns_key_list_key_count(key_list); i++) { - ldns_rr_list_push_rr(pubkey_list, - ldns_key2rr(ldns_key_list_key(key_list, i))); + ldns_rr_list_push_rr( pubkey_list + , ldns_key2rr(ldns_key_list_key( + key_list, i)) + ); } /* TODO: callback to see is list should be signed */ /* TODO: remove 'old' signatures from signature list */ @@ -1279,8 +1278,9 @@ ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, salt_length, salt); /* always set bit 7 of the flags to zero, according to - * rfc5155 section 11 */ - ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0); + * rfc5155 section 11. The bits are counted from right to left, + * so bit 7 in rfc5155 is bit 0 in ldns */ + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0); result = ldns_dnssec_zone_add_rr(zone, nsec3param); if (result != LDNS_STATUS_OK) { return result; diff --git a/usr.sbin/unbound/ldns/dnssec_verify.c b/usr.sbin/unbound/ldns/dnssec_verify.c index 18af5d2f052..68c70c5e848 100644 --- a/usr.sbin/unbound/ldns/dnssec_verify.c +++ b/usr.sbin/unbound/ldns/dnssec_verify.c @@ -509,7 +509,7 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out, if (!sibmap) { treedepth = ldns_dnssec_trust_tree_depth(tree); - sibmap = malloc(treedepth); + sibmap = LDNS_XMALLOC(uint8_t, treedepth); if(!sibmap) return; /* mem err */ memset(sibmap, 0, treedepth); @@ -623,7 +623,7 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out, } if (mapset) { - free(sibmap); + LDNS_FREE(sibmap); } } @@ -1578,13 +1578,14 @@ ldns_dnssec_verify_denial(ldns_rr *rr, #ifdef HAVE_SSL ldns_status -ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, - ldns_rr_list *nsecs, - ldns_rr_list *rrsigs, - ldns_pkt_rcode packet_rcode, - ldns_rr_type packet_qtype, - bool packet_nodata, - ldns_rr **match) +ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + , ldns_rr_list *nsecs + , ATTR_UNUSED(ldns_rr_list *rrsigs) + , ldns_pkt_rcode packet_rcode + , ldns_rr_type packet_qtype + , bool packet_nodata + , ldns_rr **match + ) { ldns_rdf *closest_encloser; ldns_rdf *wildcard; @@ -1592,11 +1593,12 @@ ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, bool wildcard_covered = false; ldns_rdf *zone_name; ldns_rdf *hashed_name; + /* self assignment to suppress uninitialized warning */ + ldns_rdf *next_closer = next_closer; + ldns_rdf *hashed_next_closer; size_t i; ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; - rrsigs = rrsigs; - if (match) { *match = NULL; } @@ -1741,6 +1743,61 @@ ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, /* XXX see note above */ result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; + + closest_encloser = ldns_dnssec_nsec3_closest_encloser( + ldns_rr_owner(rr), + ldns_rr_get_type(rr), + nsecs); + if(!closest_encloser) { + result = LDNS_STATUS_NSEC3_ERR; + goto done; + } + /* Now check if we have a Opt-Out NSEC3 that covers the "next closer"*/ + + if (ldns_dname_label_count(closest_encloser) + 1 + >= ldns_dname_label_count(ldns_rr_owner(rr))) { + + /* Query name *is* the "next closer". */ + hashed_next_closer = hashed_name; + } else { + + /* "next closer" has less labels than the query name. + * Create the name and hash it. + */ + next_closer = ldns_dname_clone_from( + ldns_rr_owner(rr), + ldns_dname_label_count(ldns_rr_owner(rr)) + - (ldns_dname_label_count(closest_encloser) + 1) + ); + hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3( + ldns_rr_list_rr(nsecs, 0), + next_closer + ); + (void) ldns_dname_cat(hashed_next_closer, zone_name); + } + /* Find the NSEC3 that covers the "next closer" */ + for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { + if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), + hashed_next_closer) && + ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) { + + result = LDNS_STATUS_OK; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } + break; + } + } + if (ldns_dname_label_count(closest_encloser) + 1 + < ldns_dname_label_count(ldns_rr_owner(rr))) { + + /* "next closer" has less labels than the query name. + * Dispose of the temporary variables that held that name. + */ + ldns_rdf_deep_free(hashed_next_closer); + ldns_rdf_deep_free(next_closer); + } + ldns_rdf_deep_free(closest_encloser); } done: @@ -2108,11 +2165,11 @@ ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now) /* bad sig, expiration before inception?? Tsssg */ return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION; } - if (now - inception < 0) { + if (((int32_t) now) - inception < 0) { /* bad sig, inception date has not yet come to pass */ return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED; } - if (expiration - now < 0) { + if (expiration - ((int32_t) now) < 0) { /* bad sig, expiration date has passed */ return LDNS_STATUS_CRYPTO_SIG_EXPIRED; } diff --git a/usr.sbin/unbound/ldns/dnssec_zone.c b/usr.sbin/unbound/ldns/dnssec_zone.c index 89bdf8dd0cc..1f7274bbc96 100644 --- a/usr.sbin/unbound/ldns/dnssec_zone.c +++ b/usr.sbin/unbound/ldns/dnssec_zone.c @@ -621,18 +621,169 @@ ldns_dnssec_zone_new() return zone; } +static bool +rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t) +{ + return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG + && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t; +} + +/* When the zone is first read into an list and then inserted into an + * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next) + * to each other. Because ldns-verify-zone (the only program that uses this + * function) uses the rbtree mostly for sequentual walking, this results + * in a speed increase (of 15% on linux) because we have less CPU-cache misses. + */ +#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */ + +ldns_status +ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, + uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) +{ + ldns_rr* cur_rr; + size_t i; + + ldns_rdf *my_origin = NULL; + ldns_rdf *my_prev = NULL; + + ldns_dnssec_zone *newzone = ldns_dnssec_zone_new(); + /* when reading NSEC3s, there is a chance that we encounter nsecs + for empty nonterminals, whose nonterminals we cannot derive yet + because the needed information is to be read later. in that case + we keep a list of those nsec3's and retry to add them later */ + ldns_rr_list* todo_nsec3s = ldns_rr_list_new(); + ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new(); + + ldns_status status = LDNS_STATUS_MEM_ERR; + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + ldns_zone* zone = NULL; + if (ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr) + != LDNS_STATUS_OK) goto error; +#else + uint32_t my_ttl = ttl; +#endif + + if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) goto error; + + if (origin) { + if (!(my_origin = ldns_rdf_clone(origin))) goto error; + if (!(my_prev = ldns_rdf_clone(origin))) goto error; + } + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone)) + != LDNS_STATUS_OK) goto error; + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); + status = LDNS_STATUS_OK; +#else + while (!feof(fp)) { + status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, + &my_prev, line_nr); + +#endif + switch (status) { + case LDNS_STATUS_OK: + + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + if (status == + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { + + if (rr_is_rrsig_covering(cur_rr, + LDNS_RR_TYPE_NSEC3)){ + ldns_rr_list_push_rr(todo_nsec3_rrsigs, + cur_rr); + } else { + ldns_rr_list_push_rr(todo_nsec3s, + cur_rr); + } + } else if (status != LDNS_STATUS_OK) + goto error; + + break; + + + case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ + case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ + case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ + break; + + case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */ + status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; + break; + + default: + goto error; + } + } + + if (ldns_rr_list_rr_count(todo_nsec3s) > 0) { + (void) ldns_dnssec_zone_add_empty_nonterminals(newzone); + for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3s); i++) { + cur_rr = ldns_rr_list_rr(todo_nsec3s, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + } + for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++){ + cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + } + } else if (ldns_rr_list_rr_count(todo_nsec3_rrsigs) > 0) { + for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++){ + cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + } + } + + ldns_rr_list_free(todo_nsec3_rrsigs); + ldns_rr_list_free(todo_nsec3s); + + if (z) { + *z = newzone; + } else { + ldns_dnssec_zone_free(newzone); + } + + return LDNS_STATUS_OK; + +error: +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (zone) { + ldns_zone_free(zone); + } +#endif + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (newzone) { + ldns_dnssec_zone_free(newzone); + } + return status; +} + +ldns_status +ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, + uint32_t ttl, ldns_rr_class ATTR_UNUSED(c)) +{ + return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); +} + void ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { (void) arg; ldns_dnssec_name_free((ldns_dnssec_name *)node->data); - free(node); + LDNS_FREE(node); } void ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) { (void) arg; ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data); - free(node); + LDNS_FREE(node); } void @@ -644,7 +795,7 @@ ldns_dnssec_zone_free(ldns_dnssec_zone *zone) ldns_traverse_postorder(zone->names, ldns_dnssec_name_node_free, NULL); - free(zone->names); + LDNS_FREE(zone->names); } LDNS_FREE(zone); } @@ -659,7 +810,7 @@ ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) ldns_traverse_postorder(zone->names, ldns_dnssec_name_node_deep_free, NULL); - free(zone->names); + LDNS_FREE(zone->names); } LDNS_FREE(zone); } @@ -919,3 +1070,24 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone) } return LDNS_STATUS_OK; } + +bool +ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone) +{ + ldns_rr* nsec3; + ldns_rbnode_t* node; + + if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) { + node = ldns_rbtree_first(zone->names); + while (node != LDNS_RBTREE_NULL) { + nsec3 = ((ldns_dnssec_name*)node->data)->nsec; + if (nsec3 &&ldns_rr_get_type(nsec3) + == LDNS_RR_TYPE_NSEC3 && + ldns_nsec3_optout(nsec3)) { + return true; + } + node = ldns_rbtree_next(node); + } + } + return false; +} diff --git a/usr.sbin/unbound/ldns/doc/doxyparse.pl b/usr.sbin/unbound/ldns/doc/doxyparse.pl index 218825fe1b0..526c617101b 100755 --- a/usr.sbin/unbound/ldns/doc/doxyparse.pl +++ b/usr.sbin/unbound/ldns/doc/doxyparse.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Doxygen is usefull for html documentation, but sucks # in making manual pages. Still tool also parses the .h diff --git a/usr.sbin/unbound/ldns/drill/chasetrace.c b/usr.sbin/unbound/ldns/drill/chasetrace.c index a1dfd44681e..c2bbfd00901 100644 --- a/usr.sbin/unbound/ldns/drill/chasetrace.c +++ b/usr.sbin/unbound/ldns/drill/chasetrace.c @@ -30,7 +30,6 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_rr_list *new_nss_aaaa; ldns_rr_list *final_answer; ldns_rr_list *new_nss; - ldns_rr_list *hostnames; ldns_rr_list *ns_addr; uint16_t loop_count; ldns_rdf *pop; @@ -195,9 +194,6 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, return NULL; } - hostnames = ldns_get_rr_list_name_by_addr(local_res, - ldns_pkt_answerfrom(p), 0, 0); - new_nss = ldns_pkt_authority(p); final_answer = ldns_pkt_answer(p); @@ -229,14 +225,13 @@ do_chase(ldns_resolver *res, ldns_rr_list *trusted_keys, ldns_pkt *pkt_o, uint16_t qflags, - ldns_rr_list *prev_key_list, + ldns_rr_list * ATTR_UNUSED(prev_key_list), int verbosity) { ldns_rr_list *rrset = NULL; ldns_status result; ldns_rr *orig_rr = NULL; - bool cname_followed = false; /* ldns_rr_list *sigs; ldns_rr *cur_sig; @@ -290,7 +285,6 @@ do_chase(ldns_resolver *res, /* answer might be a cname, chase that first, then chase cname target? (TODO) */ if (!rrset) { - cname_followed = true; rrset = ldns_pkt_rr_list_by_name_and_type(pkt, name, LDNS_RR_TYPE_CNAME, diff --git a/usr.sbin/unbound/ldns/drill/configure b/usr.sbin/unbound/ldns/drill/configure index f277a1f2858..95bc4356072 100755 --- a/usr.sbin/unbound/ldns/drill/configure +++ b/usr.sbin/unbound/ldns/drill/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.12. +# Generated by GNU Autoconf 2.68 for ldns 1.6.13. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.12' -PACKAGE_STRING='ldns 1.6.12' +PACKAGE_VERSION='1.6.13' +PACKAGE_STRING='ldns 1.6.13' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1216,7 +1216,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.12 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.13 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1277,7 +1277,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.12:";; + short | recursive ) echo "Configuration of ldns 1.6.13:";; esac cat <<\_ACEOF @@ -1373,7 +1373,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.12 +ldns configure 1.6.13 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1796,7 +1796,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.12, which was +It was created by ldns $as_me 1.6.13, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2149,7 +2149,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 19 +# Version 21 +# 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. +# 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. # 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. # Fix ACX_MALLOC for redefined malloc error. # Fix GETADDRINFO_WITH_INCLUDES to add -lws2_32 @@ -5908,7 +5910,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.12, which was +This file was extended by ldns $as_me 1.6.13, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5970,7 +5972,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.12 +ldns config.status 1.6.13 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/usr.sbin/unbound/ldns/drill/configure.ac b/usr.sbin/unbound/ldns/drill/configure.ac index 5c28053d99d..afd5c63803b 100644 --- a/usr.sbin/unbound/ldns/drill/configure.ac +++ b/usr.sbin/unbound/ldns/drill/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.12, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.13, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([drill.c]) sinclude(../acx_nlnetlabs.m4) diff --git a/usr.sbin/unbound/ldns/drill/dnssec.c b/usr.sbin/unbound/ldns/drill/dnssec.c index 030aa3bb73f..b72ffb95dad 100644 --- a/usr.sbin/unbound/ldns/drill/dnssec.c +++ b/usr.sbin/unbound/ldns/drill/dnssec.c @@ -245,17 +245,15 @@ ldns_nsec3_exact_match(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s uint8_t salt_length; uint8_t *salt; - ldns_rdf *sname, *hashed_sname; + ldns_rdf *sname = NULL, *hashed_sname = NULL; size_t nsec_i; ldns_rr *nsec; ldns_rr *result = NULL; - ldns_status status; - const ldns_rr_descriptor *descriptor; - ldns_rdf *zone_name; + ldns_rdf *zone_name = NULL; if (verbosity >= 4) { printf(";; finding exact match for "); @@ -281,16 +279,28 @@ ldns_nsec3_exact_match(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s salt_length = ldns_nsec3_salt_length(nsec); salt = ldns_nsec3_salt_data(nsec); iterations = ldns_nsec3_iterations(nsec); + if (salt == NULL) { + goto done; + } sname = ldns_rdf_clone(qname); - + if (sname == NULL) { + goto done; + } if (verbosity >= 4) { printf(";; owner name hashes to: "); } hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); - + if (hashed_sname == NULL) { + goto done; + } zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); - status = ldns_dname_cat(hashed_sname, zone_name); + if (zone_name == NULL) { + goto done; + } + if (ldns_dname_cat(hashed_sname, zone_name) != LDNS_STATUS_OK) { + goto done; + }; if (verbosity >= 4) { ldns_rdf_print(stdout, hashed_sname); @@ -337,15 +347,13 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n uint8_t salt_length; uint8_t *salt; - ldns_rdf *sname, *hashed_sname, *tmp; - ldns_rr *ce; + ldns_rdf *sname = NULL, *hashed_sname = NULL, *tmp; bool flag; bool exact_match_found; bool in_range_found; - ldns_status status; - ldns_rdf *zone_name; + ldns_rdf *zone_name = NULL; size_t nsec_i; ldns_rr *nsec; @@ -366,13 +374,21 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n salt_length = ldns_nsec3_salt_length(nsec); salt = ldns_nsec3_salt_data(nsec); iterations = ldns_nsec3_iterations(nsec); + if (salt == NULL) { + goto done; + } sname = ldns_rdf_clone(qname); + if (sname == NULL) { + goto done; + } - ce = NULL; flag = false; zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + if (zone_name == NULL) { + goto done; + } /* algorithm from nsec3-07 8.3 */ while (ldns_dname_label_count(sname) > 0) { @@ -385,8 +401,13 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n printf(" hashes to: "); } hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); + if (hashed_sname == NULL) { + goto done; + } - status = ldns_dname_cat(hashed_sname, zone_name); + if (ldns_dname_cat(hashed_sname, zone_name) != LDNS_STATUS_OK){ + goto done; + } if (verbosity >= 3) { ldns_rdf_print(stdout, hashed_sname); @@ -431,9 +452,12 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n tmp = sname; sname = ldns_dname_left_chop(sname); ldns_rdf_deep_free(tmp); + if (sname == NULL) { + goto done; + } } - done: +done: LDNS_FREE(salt); ldns_rdf_deep_free(zone_name); ldns_rdf_deep_free(sname); @@ -447,68 +471,3 @@ ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *n /* todo checks from end of 6.2. here or in caller? */ return result; } - - -/* special case were there was a wildcard expansion match, the exact match must be disproven */ -ldns_status -ldns_verify_denial_wildcard(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) -{ - ldns_rdf *nsec3_ce = NULL; - ldns_rr *nsec3_ex = NULL; - ldns_rdf *wildcard_name = NULL; - ldns_rdf *nsec3_wc_ce = NULL; - ldns_rr *nsec3_wc_ex = NULL; - ldns_rdf *chopped_dname = NULL; - ldns_rr_list *nsecs; - ldns_status result = LDNS_STATUS_ERR; - - nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION); - if (nsecs) { - wildcard_name = ldns_dname_new_frm_str("*"); - chopped_dname = ldns_dname_left_chop(name); - result = ldns_dname_cat(wildcard_name, chopped_dname); - ldns_rdf_deep_free(chopped_dname); - - nsec3_ex = ldns_nsec3_exact_match(name, type, nsecs); - nsec3_ce = ldns_nsec3_closest_encloser(name, type, nsecs); - nsec3_wc_ce = ldns_nsec3_closest_encloser(wildcard_name, type, nsecs); - nsec3_wc_ex = ldns_nsec3_exact_match(wildcard_name, type, nsecs); - - if (nsec3_ex) { - if (verbosity >= 3) { - printf(";; Error, exact match for for name found, but should not exist (draft -07 section 8.8)\n"); - } - result = LDNS_STATUS_NSEC3_ERR; - } else if (!nsec3_ce) { - if (verbosity >= 3) { - printf(";; Error, closest encloser for exact match missing in wildcard response (draft -07 section 8.8)\n"); - } - result = LDNS_STATUS_NSEC3_ERR; -/* - } else if (!nsec3_wc_ex) { - printf(";; Error, no wildcard nsec3 match: "); - ldns_rdf_print(stdout, wildcard_name); - printf(" (draft -07 section 8.8)\n"); - result = LDNS_STATUS_NSEC3_ERR; -*/ -/* } else if (!nsec */ - } else { - if (verbosity >= 3) { - printf(";; wilcard expansion proven\n"); - } - result = LDNS_STATUS_OK; - } - } else { - if (verbosity >= 3) { - printf(";; Error: no NSEC or NSEC3 records in answer\n"); - } - result = LDNS_STATUS_CRYPTO_NO_RRSIG; - } - - if (nsecs && nsec_rrs && nsec_rr_sigs) { - (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, 0)), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs); - } - return result; -} - - diff --git a/usr.sbin/unbound/ldns/drill/drill.c b/usr.sbin/unbound/ldns/drill/drill.c index 9077cd69bfb..2f779634d8e 100644 --- a/usr.sbin/unbound/ldns/drill/drill.c +++ b/usr.sbin/unbound/ldns/drill/drill.c @@ -97,7 +97,7 @@ main(int argc, char *argv[]) ldns_pkt *pkt; ldns_pkt *qpkt; char *serv; - char *name; + const char *name; char *name2; char *progname; char *query_file = NULL; diff --git a/usr.sbin/unbound/ldns/drill/drill.h b/usr.sbin/unbound/ldns/drill/drill.h index 70fa0b03e03..69b0396b217 100644 --- a/usr.sbin/unbound/ldns/drill/drill.h +++ b/usr.sbin/unbound/ldns/drill/drill.h @@ -84,11 +84,6 @@ ldns_status ldns_verify_denial(ldns_pkt *pkt, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs); -ldns_status ldns_verify_denial_wildcard(ldns_pkt *pkt, - ldns_rdf *name, - ldns_rr_type type, - ldns_rr_list **nsec_rrs, - ldns_rr_list **nsec_rr_sigs); ldns_status read_key_file(const char *filename, ldns_rr_list *key_list); ldns_pkt *read_hex_pkt(char *filename); diff --git a/usr.sbin/unbound/ldns/drill/drill_util.c b/usr.sbin/unbound/ldns/drill/drill_util.c index 596be9d5418..98d88e7942d 100644 --- a/usr.sbin/unbound/ldns/drill/drill_util.c +++ b/usr.sbin/unbound/ldns/drill/drill_util.c @@ -13,13 +13,13 @@ #include <errno.h> -static int -read_line(FILE *input, char *line) +static size_t +read_line(FILE *input, char *line, size_t len) { - int i; + size_t i; char c; - for (i = 0; i < LDNS_MAX_PACKETLEN; i++) { + for (i = 0; i < len-1; i++) { c = getc(input); if (c == EOF) { return -1; @@ -52,7 +52,7 @@ read_key_file(const char *filename, ldns_rr_list *key_list) return LDNS_STATUS_ERR; } while (line_len >= 0) { - line_len = read_line(input_file, line); + line_len = (int) read_line(input_file, line, sizeof(line)); line_nr++; if (line_len > 0 && line[0] != ';') { status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL); @@ -240,7 +240,7 @@ print_dnskey_abbr(FILE *fp, ldns_rr *key) } void -print_rr_list_abbr(FILE *fp, ldns_rr_list *rrlist, char *usr) +print_rr_list_abbr(FILE *fp, ldns_rr_list *rrlist, const char *usr) { size_t i; ldns_rr_type tp; diff --git a/usr.sbin/unbound/ldns/drill/drill_util.h b/usr.sbin/unbound/ldns/drill/drill_util.h index db3a57436a4..de7844118db 100644 --- a/usr.sbin/unbound/ldns/drill/drill_util.h +++ b/usr.sbin/unbound/ldns/drill/drill_util.h @@ -39,7 +39,7 @@ void print_ds_abbr(FILE *fp, ldns_rr *ds); /** * print some rdfs of a rr in a rr_list */ -void print_rr_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr); +void print_rr_list_abbr(FILE *fp, ldns_rr_list *sig, const char *usr); /** * Alloc some memory, with error checking diff --git a/usr.sbin/unbound/ldns/drill/securetrace.c b/usr.sbin/unbound/ldns/drill/securetrace.c index c08b040fbc2..029ebf51d6f 100644 --- a/usr.sbin/unbound/ldns/drill/securetrace.c +++ b/usr.sbin/unbound/ldns/drill/securetrace.c @@ -129,11 +129,8 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, { ldns_resolver *res; ldns_pkt *p, *local_p; - ldns_rr_list *new_nss_a; - ldns_rr_list *new_nss_aaaa; ldns_rr_list *new_nss; ldns_rr_list *ns_addr; - uint16_t loop_count; ldns_rdf *pop; ldns_rdf **labels = NULL; ldns_status status, st; @@ -142,7 +139,6 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, size_t k; size_t l; uint8_t labels_count; - ldns_pkt_type pt; /* dnssec */ ldns_rr_list *key_list; @@ -173,14 +169,10 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, descriptor = ldns_rr_descript(t); - loop_count = 0; - new_nss_a = NULL; - new_nss_aaaa = NULL; new_nss = NULL; ns_addr = NULL; key_list = NULL; ds_list = NULL; - pt = LDNS_PACKET_UNKNOWN; p = NULL; local_p = NULL; @@ -419,7 +411,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, keys used to sign these is trusted, add the keys to the trusted list */ p = get_dnssec_pkt(res, labels[i], LDNS_RR_TYPE_DNSKEY); - pt = get_key(p, labels[i], &key_list, &key_sig_list); + (void) get_key(p, labels[i], &key_list, &key_sig_list); if (key_sig_list) { if (key_list) { current_correct_keys = ldns_rr_list_new(); @@ -490,14 +482,14 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, /* check the DS records for the next child domain */ if (i > 1) { p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); - pt = get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + (void) get_ds(p, labels[i-1], &ds_list, &ds_sig_list); if (!ds_list) { ldns_pkt_free(p); if (ds_sig_list) { ldns_rr_list_deep_free(ds_sig_list); } p = get_dnssec_pkt(res, name, LDNS_RR_TYPE_DNSKEY); - pt = get_ds(p, NULL, &ds_list, &ds_sig_list); + (void) get_ds(p, NULL, &ds_list, &ds_sig_list); } if (ds_sig_list) { if (ds_list) { @@ -560,7 +552,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_pkt_free(p); ldns_rr_list_deep_free(ds_sig_list); p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); - pt = get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + (void) get_ds(p, labels[i-1], &ds_list, &ds_sig_list); status = ldns_verify_denial(p, labels[i-1], LDNS_RR_TYPE_DS, &nsec_rrs, &nsec_rr_sigs); @@ -616,7 +608,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, } else { /* if this is the last label, just verify the data and stop */ p = get_dnssec_pkt(res, labels[i], t); - pt = get_dnssec_rr(p, labels[i], t, &dataset, &key_sig_list); + (void) get_dnssec_rr(p, labels[i], t, &dataset, &key_sig_list); if (dataset && ldns_rr_list_rr_count(dataset) > 0) { if (key_sig_list && ldns_rr_list_rr_count(key_sig_list) > 0) { @@ -721,8 +713,6 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_pkt_free(p); } - new_nss_aaaa = NULL; - new_nss_a = NULL; new_nss = NULL; ns_addr = NULL; ldns_rr_list_deep_free(key_list); diff --git a/usr.sbin/unbound/ldns/duration.c b/usr.sbin/unbound/ldns/duration.c new file mode 100644 index 00000000000..09de82b324d --- /dev/null +++ b/usr.sbin/unbound/ldns/duration.c @@ -0,0 +1,354 @@ +/* + * $Id: duration.c,v 1.1.1.1 2012/08/23 22:28:41 sthen Exp $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * + * This file is copied from the OpenDNSSEC source repository + * and only slightly adapted to make it fit. + */ + +/** + * + * Durations. + */ + +#include <ldns/config.h> +#include <ldns/duration.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> + + +/** + * Create a new 'instant' duration. + * + */ +ldns_duration_type* +ldns_duration_create(void) +{ + ldns_duration_type* duration; + + duration = malloc(sizeof(ldns_duration_type)); + if (!duration) { + return NULL; + } + duration->years = 0; + duration->months = 0; + duration->weeks = 0; + duration->days = 0; + duration->hours = 0; + duration->minutes = 0; + duration->seconds = 0; + return duration; +} + + +/** + * Compare durations. + * + */ +int +ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2) +{ + if (!d1 && !d2) { + return 0; + } + if (!d1 || !d2) { + return d1?-1:1; + } + + if (d1->years != d2->years) { + return (int) (d1->years - d2->years); + } + if (d1->months != d2->months) { + return (int) (d1->months - d2->months); + } + if (d1->weeks != d2->weeks) { + return (int) (d1->weeks - d2->weeks); + } + if (d1->days != d2->days) { + return (int) (d1->days - d2->days); + } + if (d1->hours != d2->hours) { + return (int) (d1->hours - d2->hours); + } + if (d1->minutes != d2->minutes) { + return (int) (d1->minutes - d2->minutes); + } + if (d1->seconds != d2->seconds) { + return (int) (d1->seconds - d2->seconds); + } + + return 0; +} + + +/** + * Create a duration from string. + * + */ +ldns_duration_type* +ldns_duration_create_from_string(const char* str) +{ + ldns_duration_type* duration = ldns_duration_create(); + char* P, *X, *T, *W; + int not_weeks = 0; + + if (!duration) { + return NULL; + } + if (!str) { + return duration; + } + + P = strchr(str, 'P'); + if (!P) { + ldns_duration_cleanup(duration); + return NULL; + } + + T = strchr(str, 'T'); + X = strchr(str, 'Y'); + if (X) { + duration->years = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'M'); + if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) { + duration->months = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'D'); + if (X) { + duration->days = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + if (T) { + str = T; + not_weeks = 1; + } + X = strchr(str, 'H'); + if (X && T) { + duration->hours = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strrchr(str, 'M'); + if (X && T && (size_t) (X-P) > (size_t) (T-P)) { + duration->minutes = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'S'); + if (X && T) { + duration->seconds = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + + W = strchr(str, 'W'); + if (W) { + if (not_weeks) { + ldns_duration_cleanup(duration); + return NULL; + } else { + duration->weeks = (time_t) atoi(str+1); + str = W; + } + } + return duration; +} + + +/** + * Get the number of digits in a number. + * + */ +static size_t +digits_in_number(time_t duration) +{ + uint32_t period = (uint32_t) duration; + size_t count = 0; + + while (period > 0) { + count++; + period /= 10; + } + return count; +} + + +/** + * Convert a duration to a string. + * + */ +char* +ldns_duration2string(ldns_duration_type* duration) +{ + char* str = NULL, *num = NULL; + size_t count = 2; + int T = 0; + + if (!duration) { + return NULL; + } + + if (duration->years > 0) { + count = count + 1 + digits_in_number(duration->years); + } + if (duration->months > 0) { + count = count + 1 + digits_in_number(duration->months); + } + if (duration->weeks > 0) { + count = count + 1 + digits_in_number(duration->weeks); + } + if (duration->days > 0) { + count = count + 1 + digits_in_number(duration->days); + } + if (duration->hours > 0) { + count = count + 1 + digits_in_number(duration->hours); + T = 1; + } + if (duration->minutes > 0) { + count = count + 1 + digits_in_number(duration->minutes); + T = 1; + } + if (duration->seconds > 0) { + count = count + 1 + digits_in_number(duration->seconds); + T = 1; + } + if (T) { + count++; + } + + str = (char*) calloc(count, sizeof(char)); + str[0] = 'P'; + str[1] = '\0'; + + if (duration->years > 0) { + count = digits_in_number(duration->years); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uY", (unsigned int) duration->years); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->months > 0) { + count = digits_in_number(duration->months); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uM", (unsigned int) duration->months); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->weeks > 0) { + count = digits_in_number(duration->weeks); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uW", (unsigned int) duration->weeks); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->days > 0) { + count = digits_in_number(duration->days); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uD", (unsigned int) duration->days); + str = strncat(str, num, count+2); + free((void*) num); + } + if (T) { + str = strncat(str, "T", 1); + } + if (duration->hours > 0) { + count = digits_in_number(duration->hours); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uH", (unsigned int) duration->hours); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->minutes > 0) { + count = digits_in_number(duration->minutes); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uM", (unsigned int) duration->minutes); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->seconds > 0) { + count = digits_in_number(duration->seconds); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uS", (unsigned int) duration->seconds); + str = strncat(str, num, count+2); + free((void*) num); + } + return str; +} + + +/** + * Convert a duration to a time. + * + */ +time_t +ldns_duration2time(ldns_duration_type* duration) +{ + time_t period = 0; + + if (duration) { + period += (duration->seconds); + period += (duration->minutes)*60; + period += (duration->hours)*3600; + period += (duration->days)*86400; + period += (duration->weeks)*86400*7; + period += (duration->months)*86400*31; + period += (duration->years)*86400*365; + + /* [TODO] calculate correct number of days in this month/year */ + /* + if (duration->months || duration->years) { + } + */ + } + return period; +} + + +/** + * Clean up duration. + * + */ +void +ldns_duration_cleanup(ldns_duration_type* duration) +{ + if (!duration) { + return; + } + free(duration); + return; +} diff --git a/usr.sbin/unbound/ldns/error.c b/usr.sbin/unbound/ldns/error.c index a6195022ea0..cf6788ffb36 100644 --- a/usr.sbin/unbound/ldns/error.c +++ b/usr.sbin/unbound/ldns/error.c @@ -29,6 +29,7 @@ ldns_lookup_table ldns_error_str[] = { { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" }, { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" }, { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" }, + { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" }, { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" }, { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" }, { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" }, @@ -90,6 +91,10 @@ ldns_lookup_table ldns_error_str[] = { { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" }, { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" }, { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, + "DNSSEC signature will expire too soon" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, + "DNSSEC signature not incepted long enough" }, { 0, NULL } }; diff --git a/usr.sbin/unbound/ldns/host2str.c b/usr.sbin/unbound/ldns/host2str.c index eff1216a966..c185e0f04db 100644 --- a/usr.sbin/unbound/ldns/host2str.c +++ b/usr.sbin/unbound/ldns/host2str.c @@ -1938,12 +1938,13 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k) NULL #endif ); - -#endif +#else + goto error; +#endif /* GOST */ break; -#ifdef USE_ECDSA case LDNS_SIGN_ECDSAP256SHA256: case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA ldns_buffer_printf(output, "Private-key-format: v1.2\n"); ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k)); status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k)); @@ -1968,8 +1969,10 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k) EC_KEY_free(ec); } #endif /* splint */ +#else + goto error; +#endif /* ECDSA */ break; -#endif case LDNS_SIGN_HMACMD5: /* there's not much of a format defined for TSIG */ /* It's just a binary blob, Same for all algorithms */ diff --git a/usr.sbin/unbound/ldns/host2wire.c b/usr.sbin/unbound/ldns/host2wire.c index ca28dba9336..b5b0ba8ff20 100644 --- a/usr.sbin/unbound/ldns/host2wire.c +++ b/usr.sbin/unbound/ldns/host2wire.c @@ -113,6 +113,7 @@ ldns_rr2buffer_wire_canonical(ldns_buffer *buffer, case LDNS_RR_TYPE_SRV: case LDNS_RR_TYPE_DNAME: case LDNS_RR_TYPE_A6: + case LDNS_RR_TYPE_RRSIG: pre_rfc3597 = true; break; default: @@ -205,7 +206,7 @@ ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) /* Convert all the rdfs, except the actual signature data * rdf number 8 - the last, hence: -1 */ for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) { - (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); + (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_rdf(rr, i)); } return ldns_buffer_status(buffer); diff --git a/usr.sbin/unbound/ldns/install-sh b/usr.sbin/unbound/ldns/install-sh index 3f83ce9b555..a9244eb0786 100755 --- a/usr.sbin/unbound/ldns/install-sh +++ b/usr.sbin/unbound/ldns/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2010-02-06.18; # UTC +scriptversion=2011-01-19.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -156,6 +156,10 @@ while test $# -ne 0; do -s) stripcmd=$stripprog;; -t) dst_arg=$2 + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac shift;; -T) no_target_directory=true;; @@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then fi shift # arg dst_arg=$arg + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac done fi @@ -232,9 +240,9 @@ fi for src do - # Protect names starting with `-'. + # Protect names problematic for `test' and other utilities. case $src in - -*) src=./$src;; + -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then @@ -256,12 +264,7 @@ do echo "$0: no destination specified." >&2 exit 1 fi - dst=$dst_arg - # Protect names starting with `-'. - case $dst in - -*) dst=./$dst;; - esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. @@ -389,7 +392,7 @@ do case $dstdir in /*) prefix='/';; - -*) prefix='./';; + [-=\(\)!]*) prefix='./';; *) prefix='';; esac @@ -407,7 +410,7 @@ do for d do - test -z "$d" && continue + test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then diff --git a/usr.sbin/unbound/ldns/keys.c b/usr.sbin/unbound/ldns/keys.c index 3772122afdd..54f26681494 100644 --- a/usr.sbin/unbound/ldns/keys.c +++ b/usr.sbin/unbound/ldns/keys.c @@ -388,14 +388,22 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr) fprintf(stderr, "version of ldns, use --enable-gost\n"); #endif } -#ifdef USE_ECDSA if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) { +#ifdef USE_ECDSA alg = LDNS_SIGN_ECDSAP256SHA256; +#else + fprintf(stderr, "Warning: ECDSA not compiled into this "); + fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); +#endif } if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) { +#ifdef USE_ECDSA alg = LDNS_SIGN_ECDSAP384SHA384; - } +#else + fprintf(stderr, "Warning: ECDSA not compiled into this "); + fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); #endif + } if (strncmp(d, "157 HMAC-MD5", 4) == 0) { alg = LDNS_SIGN_HMACMD5; } @@ -651,15 +659,13 @@ ldns_key_new_frm_fp_dsa(FILE *f) } DSA * -ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr) +ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr)) { int i; char *d; DSA *dsa; uint8_t *buf; - line_nr = line_nr; - d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); dsa = DSA_new(); @@ -740,14 +746,15 @@ ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size) } unsigned char * -ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size) +ldns_key_new_frm_fp_hmac_l( FILE *f + , ATTR_UNUSED(int *line_nr) + , size_t *hmac_size + ) { size_t i; char *d; unsigned char *buf; - line_nr = line_nr; - d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN); if(!d || !buf) { @@ -906,11 +913,14 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) return NULL; } #endif /* splint */ +#else + ldns_key_free(k); + return NULL; #endif /* HAVE_SSL and USE_GOST */ break; -#ifdef USE_ECDSA case LDNS_SIGN_ECDSAP256SHA256: case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA if(alg == LDNS_SIGN_ECDSAP256SHA256) ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); else if(alg == LDNS_SIGN_ECDSAP384SHA384) @@ -937,8 +947,11 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) return NULL; } #endif /* splint */ +#else + ldns_key_free(k); + return NULL; +#endif /* ECDSA */ break; -#endif } ldns_key_set_algorithm(k, alg); return k; @@ -1466,11 +1479,14 @@ ldns_key2rr(const ldns_key *k) } #endif /* splint */ internal_data = 1; +#else + ldns_rr_free(pubkey); + return NULL; #endif /* HAVE_SSL and USE_GOST */ break; -#ifdef USE_ECDSA case LDNS_SIGN_ECDSAP256SHA256: case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); bin = NULL; @@ -1497,8 +1513,11 @@ ldns_key2rr(const ldns_key *k) * to the pkey */ EC_KEY_free(ec); internal_data = 1; +#else + ldns_rr_free(pubkey); + return NULL; +#endif /* ECDSA */ break; -#endif case LDNS_SIGN_HMACMD5: case LDNS_SIGN_HMACSHA1: case LDNS_SIGN_HMACSHA256: @@ -1533,6 +1552,7 @@ ldns_key_free(ldns_key *key) void ldns_key_deep_free(ldns_key *key) { + unsigned char* hmac; if (ldns_key_pubkey_owner(key)) { ldns_rdf_deep_free(ldns_key_pubkey_owner(key)); } @@ -1542,7 +1562,8 @@ ldns_key_deep_free(ldns_key *key) } #endif /* HAVE_SSL */ if (ldns_key_hmac_key(key)) { - free(ldns_key_hmac_key(key)); + hmac = ldns_key_hmac_key(key); + LDNS_FREE(hmac); } LDNS_FREE(key); } diff --git a/usr.sbin/unbound/ldns/ldns/common.h.in b/usr.sbin/unbound/ldns/ldns/common.h.in index 98470eea577..5d6254752a5 100644 --- a/usr.sbin/unbound/ldns/ldns/common.h.in +++ b/usr.sbin/unbound/ldns/ldns/common.h.in @@ -20,7 +20,6 @@ * as detected and determined by the auto configure script. */ #define LDNS_BUILD_CONFIG_HAVE_SSL @ldns_build_config_have_ssl@ -#define LDNS_BUILD_CONFIG_USE_ECDSA @ldns_build_config_use_ecdsa@ #define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H @ldns_build_config_have_inttypes_h@ #define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@ #define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@ diff --git a/usr.sbin/unbound/ldns/ldns/dnssec_verify.h b/usr.sbin/unbound/ldns/ldns/dnssec_verify.h index 1350f485895..32036a8c0b0 100644 --- a/usr.sbin/unbound/ldns/ldns/dnssec_verify.h +++ b/usr.sbin/unbound/ldns/ldns/dnssec_verify.h @@ -209,7 +209,7 @@ ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, const ldns_status parent_status); /** - * Generates a dnssec_trust_ttree for the given rr from the + * Generates a dnssec_trust_tree for the given rr from the * given data_chain * * This does not clone the actual data; Don't free the @@ -224,7 +224,7 @@ ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree( ldns_rr *rr); /** - * Generates a dnssec_trust_ttree for the given rr from the + * Generates a dnssec_trust_tree for the given rr from the * given data_chain * * This does not clone the actual data; Don't free the diff --git a/usr.sbin/unbound/ldns/ldns/dnssec_zone.h b/usr.sbin/unbound/ldns/ldns/dnssec_zone.h index e2dd40291af..4d2642fd1b4 100644 --- a/usr.sbin/unbound/ldns/ldns/dnssec_zone.h +++ b/usr.sbin/unbound/ldns/ldns/dnssec_zone.h @@ -360,6 +360,33 @@ void ldns_dnssec_name_print_fmt(FILE *out, ldns_dnssec_zone *ldns_dnssec_zone_new(); /** + * Create a new dnssec zone from a file. + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] c default class to use (IN) + * \param[in] ttl default ttl to use + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, + ldns_rdf* origin, uint32_t ttl, ldns_rr_class c); + +/** + * Create a new dnssec zone from a file, keep track of the line numbering + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * \param[out] line_nr used for error msg, to get to the line number + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, + ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr); + +/** * Frees the given zone structure, and its rbtree of dnssec_names * Individual ldns_rr RRs within those names are *not* freed * \param[in] *zone the zone to free @@ -433,6 +460,15 @@ void ldns_dnssec_zone_print_fmt(FILE *out, */ ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); +/** + * If a NSEC3PARAM is available in the apex, walks the zone and returns true + * on the first optout nsec3. + * + * \param[in] zone the zone to check for nsec3 optout records + * return true when the zone has at least one nsec3 optout record. + */ +bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone); + #ifdef __cplusplus } #endif diff --git a/usr.sbin/unbound/ldns/ldns/duration.h b/usr.sbin/unbound/ldns/ldns/duration.h new file mode 100644 index 00000000000..a3cc54fb7f0 --- /dev/null +++ b/usr.sbin/unbound/ldns/ldns/duration.h @@ -0,0 +1,109 @@ +/* + * $Id: duration.h,v 1.1.1.1 2012/08/23 22:28:45 sthen Exp $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * + * This file is copied from the OpenDNSSEC source repository + * and only slightly adapted to make it fit. + */ + +/** + * + * Durations. + */ + +#ifndef LDNS_DURATION_H +#define LDNS_DURATION_H + +#include <stdint.h> +#include <time.h> + +/** + * Duration. + * + */ +typedef struct ldns_duration_struct ldns_duration_type; +struct ldns_duration_struct +{ + time_t years; + time_t months; + time_t weeks; + time_t days; + time_t hours; + time_t minutes; + time_t seconds; +}; + +/** + * Create a new 'instant' duration. + * \return ldns_duration_type* created duration + * + */ +ldns_duration_type* ldns_duration_create(void); + +/** + * Compare durations. + * \param[in] d1 one duration + * \param[in] d2 another duration + * \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1 + * + */ +int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2); + +/** + * Create a duration from string. + * \param[in] str string-format duration + * \return ldns_duration_type* created duration + * + */ +ldns_duration_type* ldns_duration_create_from_string(const char* str); + +/** + * Convert a duration to a string. + * \param[in] duration duration to be converted + * \return char* string-format duration + * + */ +char* ldns_duration2string(ldns_duration_type* duration); + +/** + * Convert a duration to a time. + * \param[in] duration duration to be converted + * \return time_t time-format duration + * + */ +time_t ldns_duration2time(ldns_duration_type* duration); + +/** + * Clean up duration. + * \param[in] duration duration to be cleaned up + * + */ +void ldns_duration_cleanup(ldns_duration_type* duration); + +#endif /* LDNS_DURATION_H */ diff --git a/usr.sbin/unbound/ldns/ldns/error.h b/usr.sbin/unbound/ldns/ldns/error.h index 99d4f0bfe85..6396a934664 100644 --- a/usr.sbin/unbound/ldns/ldns/error.h +++ b/usr.sbin/unbound/ldns/ldns/error.h @@ -100,7 +100,9 @@ enum ldns_enum_status { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, - LDNS_STATUS_MISSING_RDATA_FIELDS_KEY + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, + LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN }; typedef enum ldns_enum_status ldns_status; diff --git a/usr.sbin/unbound/ldns/ldns/keys.h b/usr.sbin/unbound/ldns/ldns/keys.h index ad3ff25bb8d..c4bf536911f 100644 --- a/usr.sbin/unbound/ldns/ldns/keys.h +++ b/usr.sbin/unbound/ldns/ldns/keys.h @@ -54,12 +54,8 @@ enum ldns_enum_algorithm LDNS_RSASHA256 = 8, /* RFC 5702 */ LDNS_RSASHA512 = 10, /* RFC 5702 */ LDNS_ECC_GOST = 12, /* RFC 5933 */ -#if LDNS_BUILD_CONFIG_USE_ECDSA - /* this ifdef has to be removed once it is no longer experimental, - * to be able to use these values outside of the ldns library itself */ - LDNS_ECDSAP256SHA256 = 13, /* draft-hoffman-dnssec-ecdsa */ - LDNS_ECDSAP384SHA384 = 14, /* EXPERIMENTAL */ -#endif + LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ + LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ LDNS_INDIRECT = 252, LDNS_PRIVATEDNS = 253, LDNS_PRIVATEOID = 254 @@ -73,12 +69,8 @@ enum ldns_enum_hash { LDNS_SHA1 = 1, /* RFC 4034 */ LDNS_SHA256 = 2, /* RFC 4509 */ - LDNS_HASH_GOST = 3 /* RFC 5933 */ -#if LDNS_BUILD_CONFIG_USE_ECDSA - /* this ifdef has to be removed once it is no longer experimental, - * to be able to use these values outside of the ldns library itself */ - ,LDNS_SHA384 = 4 /* draft-hoffman-dnssec-ecdsa EXPERIMENTAL */ -#endif + LDNS_HASH_GOST = 3, /* RFC 5933 */ + LDNS_SHA384 = 4 /* RFC 6605 */ }; typedef enum ldns_enum_hash ldns_hash; @@ -95,12 +87,8 @@ enum ldns_enum_signing_algorithm LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, -#if LDNS_BUILD_CONFIG_USE_ECDSA - /* this ifdef has to be removed once it is no longer experimental, - * to be able to use these values outside of the ldns library itself */ LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, -#endif LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ LDNS_SIGN_HMACSHA256 = 159 /* ditto */ diff --git a/usr.sbin/unbound/ldns/ldns/ldns.h b/usr.sbin/unbound/ldns/ldns/ldns.h index 6f577337500..79152543348 100644 --- a/usr.sbin/unbound/ldns/ldns/ldns.h +++ b/usr.sbin/unbound/ldns/ldns/ldns.h @@ -99,6 +99,7 @@ Or you can just use the menu above to browse through the API docs. #include <ldns/dnssec.h> #include <ldns/dnssec_verify.h> #include <ldns/dnssec_sign.h> +#include <ldns/duration.h> #include <ldns/error.h> #include <ldns/higher.h> #include <ldns/host2str.h> diff --git a/usr.sbin/unbound/ldns/ldns/rr.h b/usr.sbin/unbound/ldns/ldns/rr.h index 2e1dd76b48f..9882931b488 100644 --- a/usr.sbin/unbound/ldns/ldns/rr.h +++ b/usr.sbin/unbound/ldns/ldns/rr.h @@ -166,17 +166,18 @@ enum ldns_enum_rr_type /** draft-ietf-dnsext-delegation */ LDNS_RR_TYPE_DS = 43, /** SSH Key Fingerprint */ - LDNS_RR_TYPE_SSHFP = 44, - /** draft-richardson-ipseckey-rr-11.txt */ - LDNS_RR_TYPE_IPSECKEY = 45, - /** draft-ietf-dnsext-dnssec-25 */ - LDNS_RR_TYPE_RRSIG = 46, - LDNS_RR_TYPE_NSEC = 47, - LDNS_RR_TYPE_DNSKEY = 48, - LDNS_RR_TYPE_DHCID = 49, - - LDNS_RR_TYPE_NSEC3 = 50, - LDNS_RR_TYPE_NSEC3PARAM = 51, + LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */ + /** IPsec Key */ + LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */ + /** DNSSEC */ + LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */ + LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */ + LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */ + + LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */ + /* NSEC3 */ + LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */ + LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */ LDNS_RR_TYPE_NSEC3PARAMS = 51, /** draft-ietf-dnsop-trust-history */ diff --git a/usr.sbin/unbound/ldns/ldns/rr_functions.h b/usr.sbin/unbound/ldns/ldns/rr_functions.h index 3db3b3dfa84..09a28dd7f87 100644 --- a/usr.sbin/unbound/ldns/ldns/rr_functions.h +++ b/usr.sbin/unbound/ldns/ldns/rr_functions.h @@ -268,18 +268,18 @@ typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*); /** * Function to be used with dns_rr_soa_increment_func_int, to set the soa * serial number. - * \param[in] _ the (unused) current serial number. + * \param[in] unused the (unused) current serial number. * \param[in] data the serial number to be set. */ -uint32_t ldns_soa_serial_identity(uint32_t _, void *data); +uint32_t ldns_soa_serial_identity(uint32_t unused, void *data); /** * Function to be used with dns_rr_soa_increment_func, to increment the soa * serial number with one. * \param[in] s the current serial number. - * \param[in] _ unused. + * \param[in] unused unused. */ -uint32_t ldns_soa_serial_increment(uint32_t s, void *_); +uint32_t ldns_soa_serial_increment(uint32_t s, void *unused); /** * Function to be used with dns_rr_soa_increment_func_int, to increment the soa diff --git a/usr.sbin/unbound/ldns/ldns_symbols.def b/usr.sbin/unbound/ldns/ldns_symbols.def index ced23a53888..1ed0f9e2137 100644 --- a/usr.sbin/unbound/ldns/ldns_symbols.def +++ b/usr.sbin/unbound/ldns/ldns_symbols.def @@ -150,11 +150,14 @@ ldns_dnssec_zone_deep_free ldns_dnssec_zone_find_nsec3_original ldns_dnssec_zone_find_rrset ldns_dnssec_zone_free +ldns_dnssec_zone_is_nsec3_optout ldns_dnssec_zone_mark_and_get_glue ldns_dnssec_zone_mark_glue ldns_dnssec_zone_names_print ldns_dnssec_zone_names_print_fmt ldns_dnssec_zone_new +ldns_dnssec_zone_new_frm_fp +ldns_dnssec_zone_new_frm_fp_l ldns_dnssec_zone_print ldns_dnssec_zone_print_fmt ldns_dnssec_zone_sign diff --git a/usr.sbin/unbound/ldns/ltmain.sh b/usr.sbin/unbound/ldns/ltmain.sh index b4a3231ca3b..c2852d85613 100755 --- a/usr.sbin/unbound/ldns/ltmain.sh +++ b/usr.sbin/unbound/ldns/ltmain.sh @@ -1,9 +1,9 @@ -# libtool (GNU libtool) 2.4 +# libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, -# 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -41,6 +41,7 @@ # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) +# --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages @@ -69,7 +70,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4 Debian-2.4-2ubuntu1 +# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1ubuntu1 # automake: $automake_version # autoconf: $autoconf_version # @@ -79,9 +80,9 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4 Debian-2.4-2ubuntu1" +VERSION="2.4.2 Debian-2.4.2-1ubuntu1" TIMESTAMP="" -package_revision=1.3293 +package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then @@ -136,15 +137,10 @@ progpath="$0" : ${CP="cp -f"} test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} -: ${EGREP="/bin/grep -E"} -: ${FGREP="/bin/grep -F"} -: ${GREP="/bin/grep"} -: ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} -: ${SED="/bin/sed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} @@ -387,7 +383,7 @@ case $progpath in ;; *) save_IFS="$IFS" - IFS=: + IFS=${PATH_SEPARATOR-:} for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break @@ -771,8 +767,8 @@ func_help () s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ - s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ - s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ p d } @@ -1052,6 +1048,7 @@ opt_finish=false opt_help=false opt_help_all=false opt_silent=: +opt_warning=: opt_verbose=: opt_silent=false opt_verbose=false @@ -1120,6 +1117,10 @@ esac opt_silent=false func_append preserve_args " $opt" ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; --no-verbose) opt_verbose=false func_append preserve_args " $opt" @@ -2059,7 +2060,7 @@ func_mode_compile () *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ - *.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup) + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; @@ -3201,11 +3202,13 @@ func_mode_install () # Set up the ranlib parameters. oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then - func_show_eval "$old_striplib $oldlib" 'exit $?' + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. @@ -3470,7 +3473,7 @@ static const void *lt_preloaded_setup() { # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. - *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; @@ -3982,14 +3985,17 @@ func_exec_program_core () # launches target application with the remaining arguments. func_exec_program () { - for lt_wr_arg - do - case \$lt_wr_arg in - --lt-*) ;; - *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; - esac - shift - done + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac func_exec_program_core \${1+\"\$@\"} } @@ -5057,9 +5063,15 @@ void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | - $SED -e 's/\([\\"]\)/\\\1/g' \ - -e 's/^/ fputs ("/' -e 's/$/\\n", f);/' - + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' cat <<"EOF" } EOF @@ -5643,7 +5655,8 @@ func_mode_link () continue ;; - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" @@ -6150,7 +6163,8 @@ func_mode_link () lib= found=no case $deplib in - -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" @@ -6834,7 +6848,7 @@ func_mode_link () test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then - add_dir="-L$dir" + add_dir="-L$absdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in @@ -7319,6 +7333,7 @@ func_mode_link () # which has an extra 1 added just for fun # case $version_type in + # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result @@ -7438,7 +7453,7 @@ func_mode_link () versuffix="$major.$revision" ;; - linux) + linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" @@ -8026,6 +8041,11 @@ EOF # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= @@ -8056,7 +8076,7 @@ EOF elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; - *) func_apped perm_rpath " $libdir" ;; + *) func_append perm_rpath " $libdir" ;; esac fi done @@ -8064,11 +8084,7 @@ EOF if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" - if test -n "$hardcode_libdir_flag_spec_ld"; then - eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" - else - eval dep_rpath=\"$hardcode_libdir_flag_spec\" - fi + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. @@ -9158,6 +9174,8 @@ EOF esac done fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" @@ -9267,7 +9285,8 @@ EOF *.la) func_basename "$deplib" name="$func_basename_result" - eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" diff --git a/usr.sbin/unbound/ldns/parse.c b/usr.sbin/unbound/ldns/parse.c index 15cc300f90c..ac9bdbdd556 100644 --- a/usr.sbin/unbound/ldns/parse.c +++ b/usr.sbin/unbound/ldns/parse.c @@ -377,10 +377,8 @@ ldns_bskipcs(ldns_buffer *buffer, const char *s) } void -ldns_fskipc(FILE *fp, char c) +ldns_fskipc(ATTR_UNUSED(FILE *fp), ATTR_UNUSED(char c)) { - fp = fp; - c = c; } diff --git a/usr.sbin/unbound/ldns/rbtree.c b/usr.sbin/unbound/ldns/rbtree.c index 217e61d2757..4fbc067eb70 100644 --- a/usr.sbin/unbound/ldns/rbtree.c +++ b/usr.sbin/unbound/ldns/rbtree.c @@ -43,6 +43,7 @@ #include <ldns/config.h> #include <ldns/rbtree.h> +#include <ldns/util.h> #include <stdlib.h> /** Node colour black */ @@ -81,7 +82,7 @@ ldns_rbtree_create (int (*cmpf)(const void *, const void *)) ldns_rbtree_t *rbtree; /* Allocate memory for it */ - rbtree = (ldns_rbtree_t *) malloc(sizeof(ldns_rbtree_t)); + rbtree = (ldns_rbtree_t *) LDNS_MALLOC(ldns_rbtree_t); if (!rbtree) { return NULL; } @@ -104,7 +105,7 @@ ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)) void ldns_rbtree_free(ldns_rbtree_t *rbtree) { - free(rbtree); + LDNS_FREE(rbtree); } /* diff --git a/usr.sbin/unbound/ldns/resolver.c b/usr.sbin/unbound/ldns/resolver.c index 732f2a8a776..1a788a363fe 100644 --- a/usr.sbin/unbound/ldns/resolver.c +++ b/usr.sbin/unbound/ldns/resolver.c @@ -1274,7 +1274,7 @@ ldns_axfr_next(ldns_resolver *resolver) status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire, packet_wire_size); - free(packet_wire); + LDNS_FREE(packet_wire); resolver->_axfr_i = 0; if (status != LDNS_STATUS_OK) { diff --git a/usr.sbin/unbound/ldns/rr.c b/usr.sbin/unbound/ldns/rr.c index b61e119309b..8f4ce85c7eb 100644 --- a/usr.sbin/unbound/ldns/rr.c +++ b/usr.sbin/unbound/ldns/rr.c @@ -1736,6 +1736,9 @@ ldns_rr2canonical(ldns_rr *rr) /* * lowercase the rdata dnames if the rr type is one * of the list in chapter 7 of RFC3597 + * Also added RRSIG, because a "Signer's Name" should be canonicalized + * too. See dnssec-bis-updates-16. We can add it to this list because + * the "Signer's Name" is the only dname type rdata field in a RRSIG. */ switch(ldns_rr_get_type(rr)) { case LDNS_RR_TYPE_NS: @@ -1760,6 +1763,7 @@ ldns_rr2canonical(ldns_rr *rr) case LDNS_RR_TYPE_SRV: case LDNS_RR_TYPE_DNAME: case LDNS_RR_TYPE_A6: + case LDNS_RR_TYPE_RRSIG: for (i = 0; i < ldns_rr_rd_count(rr); i++) { ldns_dname2canonical(ldns_rr_rdf(rr, i)); } @@ -2056,6 +2060,7 @@ static ldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_NULL, "TYPE55", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 58 */ {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, {LDNS_RR_TYPE_NULL, "TYPE59", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE60", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/usr.sbin/unbound/ldns/rr_functions.c b/usr.sbin/unbound/ldns/rr_functions.c index b4847d62c64..b03751b01ec 100644 --- a/usr.sbin/unbound/ldns/rr_functions.c +++ b/usr.sbin/unbound/ldns/rr_functions.c @@ -341,12 +341,12 @@ ldns_rr_dnskey_key_size(const ldns_rr *key) ); } -uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(_), void *data) +uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(unused), void *data) { return (uint32_t) (intptr_t) data; } -uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(_)) +uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(unused)) { return ldns_soa_serial_increment_by(s, (void *)1); } @@ -360,19 +360,19 @@ uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data) { struct tm tm; char s_str[11]; - uint32_t new_s; + int32_t new_s; time_t t = data ? (time_t) (intptr_t) data : ldns_time(NULL); (void) strftime(s_str, 11, "%Y%m%d00", localtime_r(&t, &tm)); - new_s = (uint32_t) atoi(s_str); - return new_s > s ? new_s : s+1; + new_s = (int32_t) atoi(s_str); + return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); } uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data) { - uint32_t new_s = data ? (uint32_t) (intptr_t) data - : (uint32_t) ldns_time(NULL); - return new_s > s ? new_s : s+1; + int32_t new_s = data ? (int32_t) (intptr_t) data + : (int32_t) ldns_time(NULL); + return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); } void diff --git a/usr.sbin/unbound/ldns/str2host.c b/usr.sbin/unbound/ldns/str2host.c index 4ec9d379bc7..2783f0805a4 100644 --- a/usr.sbin/unbound/ldns/str2host.c +++ b/usr.sbin/unbound/ldns/str2host.c @@ -259,17 +259,21 @@ ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) */ static int parse_escape(uint8_t *s, uint8_t *q) { - uint8_t val; + uint16_t val; if (strlen((char *)s) > 3 && isdigit((int) s[1]) && isdigit((int) s[2]) && isdigit((int) s[3])) { /* cast this so it fits */ - val = (uint8_t) ldns_hexdigit_to_int((char) s[1]) * 100 + + val = (uint16_t) ldns_hexdigit_to_int((char) s[1]) * 100 + ldns_hexdigit_to_int((char) s[2]) * 10 + ldns_hexdigit_to_int((char) s[3]); - *q = val; - return 3; + if (val > 255) { + /* outside range */ + return 0; + } + *q = (uint8_t) val; + return 3; } else { s++; if (*s == '\0' || isdigit((int) *s)) { @@ -776,30 +780,30 @@ ldns_str2rdf_alg(ldns_rdf **rd, const char *str) } ldns_status -ldns_str2rdf_unknown(ldns_rdf **rd, const char *str) +ldns_str2rdf_unknown( ATTR_UNUSED(ldns_rdf **rd) + , ATTR_UNUSED(const char *str) + ) { /* this should be caught in an earlier time (general str2host for rr's */ - rd = rd; - str = str; return LDNS_STATUS_NOT_IMPL; } ldns_status -ldns_str2rdf_tsig(ldns_rdf **rd, const char *str) +ldns_str2rdf_tsig( ATTR_UNUSED(ldns_rdf **rd) + , ATTR_UNUSED(const char *str) + ) { - /* there is no strign representation for TSIG rrs */ - rd = rd; - str = str; + /* there is no string representation for TSIG rrs */ return LDNS_STATUS_NOT_IMPL; } ldns_status -ldns_str2rdf_service(ldns_rdf **rd, const char *str) +ldns_str2rdf_service( ATTR_UNUSED(ldns_rdf **rd) + , ATTR_UNUSED(const char *str) + ) { /* is this used? is this actually WKS? or SRV? */ - rd = rd; - str = str; return LDNS_STATUS_NOT_IMPL; } diff --git a/usr.sbin/unbound/ldns/util.c b/usr.sbin/unbound/ldns/util.c index f49a30d1e28..a7ab96080ce 100644 --- a/usr.sbin/unbound/ldns/util.c +++ b/usr.sbin/unbound/ldns/util.c @@ -107,6 +107,10 @@ ldns_get_bit_r(uint8_t bits[], size_t index) void ldns_set_bit(uint8_t *byte, int bit_nr, bool value) { + /* + * The bits are counted from right to left, so bit #0 is the + * right most bit. + */ if (bit_nr >= 0 && bit_nr < 8) { if (value) { *byte = *byte | (0x01 << bit_nr); |